VDB
CVE-2022-45093
CVE-2022-45093
PUBLISHED
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
EPSS 3.76% · 88.3th percentile
Risk Scores
EPSS Score
3.76%
88.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NodeJS | Node | 5.0, 16.0, 7.0 |
Exploit Intelligence
- https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ (circl)
- https://hackerone.com/reports/1524555 (circl)
- FEDORA-2022-52dec6351a (circl)
- FEDORA-2022-1667f7b60a (circl)
- FEDORA-2022-de515f765f (circl)
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf (circl)
- DSA-5326 (circl)
- java-sig.yara (github-yara)
- java-sig.yara (github-yara)
- java-sig.yara (github-yara)
…and 1 more exploits
Timeline
- Jan 10, 2023 CVE Published
- Jan 11, 2023 EPSS Score
- Feb 21, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 14, 2023 EPSS Score
- Jun 23, 2023 EPSS Score
- Aug 3, 2023 EPSS Score
- Sep 13, 2023 EPSS Score
- Dec 4, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
- Feb 24, 2024 EPSS Score
- Apr 4, 2024 EPSS Score
References
- https://cert-portal.siemens.com/productcert/html/ssa-936212.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-482757.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-332410.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-476715.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-431678.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-997779.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-592007.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-349422.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-496604.html advisory
- https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/ url
- https://hackerone.com/reports/1524555 url
- FEDORA-2022-52dec6351a vendor-advisory
- FEDORA-2022-1667f7b60a vendor-advisory
- FEDORA-2022-de515f765f vendor-advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf url
- DSA-5326 vendor-advisory